slackhq/nebula

Nebula is an open-source networking tool that creates a private, encrypted network spanning any number of computers across the internet. Think of it as building your own private network, like a VPN (Virtual Private Network), but designed so that all participating machines communicate directly with each other rather than routing everything through a single central server. The way it works: you set up a "certificate authority" (a trusted source that issues digital identity cards to each machine), sign certificates for each computer, and run the Nebula software on each one. One or more "lighthouse" nodes (servers with stable public IP addresses) help machines find each other on the network. After that, the machines communicate directly and securely, even if they are behind firewalls or home routers. The encryption uses Elliptic-curve Diffie-Hellman key exchange and AES-256-GCM, industry-standard cryptographic methods. You can define traffic rules between groups of machines, controlling which machines can reach which others, similar to firewall or cloud security group rules. Nebula runs on Linux, Windows, macOS, FreeBSD, iOS, and Android. It is written in Go and can be installed from distribution packages on most Linux systems or via Homebrew on macOS. A managed hosted version called Defined Networking handles the infrastructure for you if you don't want to run your own lighthouses. You would use Nebula to securely connect remote workers, servers in different data centers, or personal devices into a single private network without relying on a commercial VPN service.